FRUGAL WEB APPLICATION TESTING - CAN IN-HOUSE PENETRATION TESTING ACHIEVE INDUSTRY STANDARD RESULTS WHILE SAVING YOU MONEY? presented at BsidesCa 2017

by Harshal Chandorkar, Natalia Wadden

Summary: We live in a time where web applications play crucial roles in our society. To deploy a web app into production without properly securing the code and conducting a penetration test to identify the vulnerabilities for remediation is to welcome an adversary to negatively impact business function, bypass access controls and steal data. While third-party vendors offer automated and manual web app penetration tests, these can be very costly and out of reach for many corporations. We will demonstrate how you can successfully build an in-house pentesting team while achieving industry-standard results.